Beyond Banning AI: A First Look at GenAI Governance in Open Source Software Communities

TL;DR

This paper explores how open source software communities are managing generative AI, revealing diverse governance strategies beyond simple bans, and providing a structured overview of current practices.

Contribution

It offers the first systematic analysis of GenAI governance in OSS, identifying key concerns, orientations, and strategies used by communities.

Findings

Governing GenAI involves multiple dimensions like accountability and verification.

Three governance orientations are identified across OSS projects.

Twelve governance strategies are mapped with implementation patterns.

Abstract

Generative AI (GenAI) is playing an increasingly important role in open source software (OSS). Beyond completing code and documentation, GenAI is increasingly involved in issues, pull requests, code reviews, and security reports. Yet, cheaper generation does not mean cheaper review - and the resulting maintenance burden has pushed OSS projects to experiment with GenAI-specific rules in contribution guidelines, security policies, and repository instructions, even including a total ban on AI-assisted contributions. However, governing GenAI in OSS is far more than a ban-or-not question. The responses remain scattered, with neither a shared governance framework in practice nor a systematic understanding in research. Therefore, in this paper, we conduct a multi-stage analysis on various qualitative materials related to GenAI governance retrieved from 67 highly visible OSS projects. Our analysis identifies recurring concerns across contribution workflows, derives three governance orientations, and maps out 12 governance strategies and their implementation patterns. We show that governing GenAI in OSS extends well beyond banning - it requires coordinated responses across accountability, verification, review capacity, code provenance, and platform infrastructure. Overall, our work distills dispersed community practices into a structured overview, providing a conceptual baseline for researchers and a practical reference for maintainers and platform designers.